Export limit exceeded: 357830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357830 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6632 | 1 Xml2owl | 1 Xml2owl | 2026-04-23 | N/A |
| showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter. | ||||
| CVE-2007-6633 | 1 Netbizcity | 1 Faqmasterflexplus | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts. | ||||
| CVE-2007-6634 | 1 Netbizcity | 1 Faqmasterflexplus | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts. | ||||
| CVE-2007-6635 | 1 Netbizcity | 1 Faqmasterflexplus | 2026-04-23 | N/A |
| FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access. | ||||
| CVE-2007-6636 | 1 Bitflu | 1 Bitflu | 2026-04-23 | N/A |
| Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file. | ||||
| CVE-2007-6637 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. | ||||
| CVE-2007-6638 | 1 March Networks | 1 3204 Dvr | 2026-04-23 | N/A |
| March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz. | ||||
| CVE-2007-6639 | 1 Iptbb Team | 1 Iptbb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action. | ||||
| CVE-2007-6177 | 1 Php Con | 1 Php Con | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter. | ||||
| CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | ||||
| CVE-2007-6179 | 1 Kinson Chan Charray | 1 Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/. | ||||
| CVE-2007-6180 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. | ||||
| CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2026-04-23 | N/A |
| The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | ||||
| CVE-2007-6181 | 1 Redhat | 1 Cygwin | 2026-04-23 | N/A |
| Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19. | ||||
| CVE-2007-6182 | 1 Growth | 1 Ispmanager | 2026-04-23 | N/A |
| The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments. | ||||
| CVE-2007-6183 | 1 Ruby Gnome2 | 1 Ruby Gnome2 | 2026-04-23 | N/A |
| Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. | ||||
| CVE-2007-6184 | 1 Project Alumni | 1 Project Alumni | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter. | ||||
| CVE-2007-6185 | 1 Eurologon | 1 Eurologon Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials. | ||||
| CVE-2007-6186 | 1 Phpdevshell | 1 Phpdevshell | 2026-04-23 | N/A |
| Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database." | ||||
| CVE-2007-6187 | 1 Noah | 1 Noah | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/. | ||||